pfsense runs on FreeBSD… XenServer does not support FreeBSD at this time, therefore XenTools will not work. I highly recommend against virtualizing pfsense in a XenServer environment as you will encounter performance degradation from the kernel running in an emulated state. I currently run two virtual pfsense instances on XenServer but only for backend VPN access, and basic internet access. Most of my tests I was unable to exceed 30Mb/s from the virtual pfsense instances. Hopefully this will be addressed soon, or maybe it already has... but I haven't seen anything as of yet.

Phil, OpenVPN would be my choice.  You'll just need to be sure you have set up the firewall rules to allow the client to access all the networks.

Just an FYI here. it is confirmed that a PCI pass-through is possible on AMD based chassis from TAMs based on supermicro H8DME - 2 MB using Ubuntu Server 12.04 and Xen 4.2 also keep in mind that Ubuntu server 13.04 with Xen 4.3 is a no-go it might be something in the kernel I am not sure but I was able to get things working on 12.04 but not on 13.04 since I am still playing with the setup I might try getting things work on 13.04+Xen 4.3  , but not sure about this yet… ESXi is a no-go XenServer 6.2 is a  no-go there are some suggestions that an ArchLinux can work but as a noob I can not /will not go there :-)

Looks like I solved my own problem. Previously, the pfSense VM had a MAC address that was different from the physical NIC connected to the cable modem.  This same MAC was configured as the MAC on the WAN interface in the pfSense configuration and in the VirtualBox configuration.  This worked, but only after physically connecting/disconnecting the cable between the host machine and the cable modem or rebooting the cable modem. The "fix" was to clone the MAC of the physical NIC in both the VirtualBox configuration for the VM and in the WAN configuration in pfSense.  Once I did that all was good! In summary: CentOS: Go to: System->Preferences->Network Connections->(your WAN interface NIC) Under IPv4 Settings tab: set Method to "Disabled" Under IPv6 Settings tab: set Method to "Ignore" VirtualBox: Get the MAC address of your physical NIC connected to the WAN (ifconfig output, whatever you prefer…) Use this MAC value in the WAN network adapter in your VM config pfSense: Use the same MAC value as the above in the pfSense WAN configuration Now reboot and see if your VM grabs a DHCP address properly. I'm not sure why more than 1 MAC on the WAN was causing the conflict, especially since only the VM MAC was ever really in use.  But this approach certainly seems to have resolved the issue for me.  Hopefully it will help others.

Personally, I think at best you save yourself about .1 ms latency and not much more advantage. Many disadvantages though - Like N not working being the primary one.  But G is ok.

I have to say, johnpoz had been very helpful,mailny with my sloooooow 3G connection :-) I'm very happy with all the job he did and ready to start again!! :-))))))) looks like there is plenty of possibilities to set up pfsense, it might(will?!) take a while to study it but feel confident about that.

I just removed the NICs and added back the e1000's and re-configured the networking and everything is running much better.  No errors on the interface, thanks for the suggestion. Thanks jimp, reading yours and Chris book now.  Glad you both love realtek NICs ;-)

"I also am running a vcenter server on there so if I want to add a host for failover I can." vcenter is not FREE, so your not running the free version of esxi?  But your working with crap from 2007 for your hardware?  Why don't you just buy something current from dell ready to go for your esxi host?

OK, I think my issue has been solved.  I downloaded the ova for pfsense and did a vanilla install with no packages.  I didn't see any CPU usage issues so I started comparing settings to my high CPU install and found one option that somehow got turned on at some point. System–>Advanced Enable device polling was checked on I disabled it and as soon as I did I started getting watchdog errors.  I logged onto the pfsense console and rebooted the VM.  After reboot, my CPU usage went from 2600MHz to a mere 138MHz.  Hopefully some of you have the same option enabled.  Not sure how it got turned on.

Xen or XenServer? Which version of pfSense? Are you trying to connect to wan or ping wan address? Because WAN pings from outside are blocked. Also if the set up is LAN –-> pfSenseWAN ---> pfSenseLAN then pfSense by default blocks private networks from accessing the WAN interface. Even if you add an easy rule to allow that, DNS Rebinding and HTTP Referral attack protection means you will not be able to log in to the WebConfigurator. You are pretty much just better off setting pfSense LAN address within your LAN address with static ip and DHCP off and then you can log in to the WebConfig.

First, Thank you so much for taking my call. I have a VLAN with pfsense in XenServer. I'm trying to insert more than 8 interfaces and can not. I believe this is happening because que When creating Vlans in Xen and insert in pfsense, pfsense the understand how physical board and limit the number to be created. Does it have a way to release more interfaces?

bump

have you tried pfsense v2.1 ?

I have set up pfsense as a dynamic SOCKS proxy, OpenVPN server and PPTP server long ago using VMplayer for testing and it worked fine, although adds zero security. I was just in it to test out the various functions at that point.  I assume squid will work also this way.  (also a good way to send someone a ready made VPN if you have no physical access to their system but do have remote desktop) What I did is install wmplayer. Install the latest full release (like 2.03 today) Make the VM so that :       Network is bridge and replicating physical NIC state for WAN.       Another virtual network interface to use as lan. (Not Bridged!)       1 core (2 is better)       512MB ram (you can experiment with less) After I booted, I'm locked out because I only have a WAN but no LAN I can access unless I make another VM of windows or something to use a virtual interface.  More resources…  So, no. I went into the VM shell command interface. pfctl -d Now the firewall is down, so I can go in at the WAN interface of your pfsense (assigned by DHCP by your other router) and deactivate "block private IPs on WAN" and I can also open my port 80 and 443 3128 and whatever other service ports you will need in the firewall rules under the WAN interface tab. Disable DNS Rebinding Checks also. Back to the pfsense command line interface pfctl -e Now your PFsense VM interface is accessible through its wan via your physical computers.  You can set up VPN, Proxy or whatever services you like. You can use it as a proxy for anything on the LAN or from outside on the internet also.  If you plan to access your vmplayer install of pfsense from the internet, you can you just have to forward ports from your first router to whatever IP pfsense gets from it. Stephenw10's way is better than this if your hardware supports VLANs and his way also frees up some hardware.  But you will need a better hypervisor than vmplayer. For me this worked fine but it was just for testing for me until I decided to just install pfsense on hardware as my router/firewall. Try that last part out. It works best.  Just replacing sonicwall with pfsense in the end is better.

you can use 1nic or 2nics for 1nic nic, bridge your physical nic to vmware add two network adapters in vmware settings and select bridge nic –-- for two nics, 1st is you wan interface and 2nd is your lan interface. for wan interface, in local area connection under properties just select/check vmware bridge protocol only. for lan interface, in local area connection under properties just select/check everything.

Hi, Now I have two identical pc:s with Esxi and Pfsense. Both working but hangs and stops working after a couple of weeks. They have no connection to earchather! I dont see any wrong i Esxi logs? After restart they working again, for a couple of weeks :'( Can someone help me what I shuld look after

So are you trying to bridge your wan and dmz interfaces?  Or do you just really want a firewalled segment? In a bridge your dmz devices would get an IP from your WAN network..  If just a firewall segment, then pfsense interface in the dmz network would be the gateway, etc. So for example on pfsense wan int = public ip lan int = 192.168.1.1/24 for example dmz int = 192.168.2.1/24 for example device in lan segment be they phy or vm would have a 192.168.1.0/24 address and point to lan int IP of pfsense device in dmz segment would have ip 192.168.2.0/24 and point to dmz pfsense int IP for gateway. Now when you bring up other interfaces in pfsense (opt1, 2, 3, etc) the firewalls would not allow any traffic outbound on that inteface by default like the lan inteface does when you install pfsense.  So you would have to create your firewall rules to allow the traffic out of that segment that you want. If you are following some guide - links to the guides your following would be very helpful in figuring out what your doing wrong, etc.